Re: Readable but not searchable?

["Kurt D. Zeilenga" <Kurt@OpenLDAP.org>]

At 08:15 PM 6/24/2004, Daniel Henninger wrote:
>First of all, I wanted to take a moment to say that y'all are one of the
>most helpful group of people I have ever worked with.  Rarely am I on
>mailing lists where I get prompt, accurate, and friendly answers all the
>time!  =)  Many thanks to everyone!
>
>
>So, I have a container, ou=private,ou=printers,dc=ncsu,dc=edu
>Ideally, what I would like to happen is for it to be impossible to do
>something like:
>-b ou=private,ou=printers,dc=ncsu,dc=edu '(printer-name=*)'
>
>instead, one would have to know the exact printer-name to look it up.
>
>visa versa, there is a ou=public,ou=printers,dc=ncsu,dc=edu that is
>perfectly fine to query with an * to get the list of all available public
>printers.  Basically, private printers are "hidden" via "security through,
>if you don't know it's there, you can't print to it".  ;)  Is this
>possible?  I have not been able to find a way to restrict searches, but
>allow direct queries.  Maybe it just isn't possible?  Thanks!

In the current ACL model, I don't think it's possible.
slapd(8) doesn't provide any mechanism to
        disallow non-equality matching
nor to
        return only values which were asserted by the client
        (or which are "public").

You can, however, returned the number of entries considered
as well as the number of entries returned... as well as
play a few other games.

Kurt


>Daniel
>
>-- 
>/\\\----------------------------------------------------------------------///\
>\ \\\      Daniel Henninger           http://www.vorpalcloud.org/        /// /
> \_\\\      North Carolina State University - Systems Programmer        ///_/
>    \\\                   Information Technology <IT>                  ///
>     """--------------------------------------------------------------"""